New and Noteworthy

• Now generally available: Pull log data directly from your Azure container by using our Azure Blob Storage Data Transport integration.

Schema Changes

• The Azure.SignIn schema has been deprecated.

  • Events from log sources that were set to use this log type will instead be classified using our Azure.Audit schema, which has been expanded to include the event fields from the deprecated schema. 

  • Any detections that targeted Azure.SignIn should be updated to target Azure.Audit instead.

  • Existing data lake tables for Azure.SignIn will not be removed.

• Updated the GitHub.Audit and GitHub.Webhook schemas to include multiple additional fields.

Panther Developer Workflows

• panther-analysis version 3.15.0 has been released, featuring numerous fixes to Panther-managed detections as well as other updates.

• panther_analysis_tool version 0.27.0 has been released.

Enhancements

• Updated the handling of special characters in field names that are discovered using field discovery.

Bug Fixes

• Fixed dynamic title field value selection issues with simple detections.

• Added several workflow fixes when creating and editing simple detections.